Intel Stratix 10 SoC UEFI Boot Loader User Guide

RSS

UG-20080 | 2019.03.28

Boot Flow Overview

This document provides comprehensive information on Unified Extensible Firmware Interface (UEFI) boot loader for Intel Stratix 10 SoC.

The Intel Stratix 10 SoC provides a secure boot flow, consisting of:

The boot ROM
The secure device manager (SDM)
The Secure Monitor
The UEFI boot loader

The Intel Stratix 10 SoC secure boot flow ensures that the system boot loader is signed with a cryptographic key, validated by the firmware.

The Secure Monitor stage also implements the TrustZone* model of secure partitioning. This model divides the software environment into two isolated partitions, called the secure world and the non-secure world. The two worlds can only communicate with each other through the Secure Monitor.

The binary image of the UEFI boot loader can be stored on Quad SPI flash, NAND flash, or an SD/MMC card. On board power-up, the secure device manager (SDM) loads the Secure Monitor directly onto Hard Processor System (HPS) on-chip RAM. Then the Secure Monitor loads the UEFI boot loader in HPS DDR memory.

The Secure Monitor tasks include:

Initializing DDR SDRAM memory
Configuring low level hardware, such as PLL, IOs, and pin MUXes, needed by nonsecure world software

The UEFI boot loader tasks include:

Providing Ethernet support
Supporting basic hardware diagnostic features
Fetching subsequent boot software such as the operating system package or kernel image.

Note: For non-secure boot, the operating system package can include kernel image, device tree blob and filesystem. For secure boot it can be a secure kernel.

Figure 1. UEFI Boot Flow Overview

System Requirements

To load and execute the Intel Stratix 10 SoC Unified Extensible Firmware Interface (UEFI) boot loader, your system must meet the following requirements.

Minimum Hardware Requirements

Windows PC or Linux workstation with the following configuration:

Serial terminal, such as Minicom for Linux or Tera Tem for Windows
microSD card slot or microSD card writer or SD capable writer with SD to microSD converter

Table 1. Platform Capabilities
	Linux	Windows
Able to compile the UEFI boot loader	Yes	Yes
Able to compile the Secure Monitor	Yes	No

Minimum Software Requirements

Intel^® SoC FPGA Embedded Development Suite (SoC EDS) v18.1
Linaro aarch64-linux-gnu-gcc toolchain version 4.8.3 20140401

Optional Virtual Platforms

Virtual platforms are available for the Intel^® Stratix^® 10 SoC. A virtual platform enables you to develop and test software before target hardware is available.

The following virtual platforms are available for the Intel^® Stratix^® 10 SoC:

Wind River Simics*. The Simics* virtual platform is available under license, free of charge. To get the Simics* virtual platform and documentation, contact Wind River at www.windriver.com/products/simics.
Intel^® Stratix^® 10 SoC Virtual Platform v. 1.3 from Mentor Graphics* . The Intel^® Stratix^® 10 SoC Virtual Platform and documentation are available at Mentor* Embedded for Intel Stratix FPGAs and SoCs.

Getting Started

Installing Software Components

Installing the Intel SoC EDS

You must install the Intel^® SoC EDS v18.1 on your machine.

Download the SoC EDS from the Download Center for FPGAs.

Installing the Compiler Toolchain

You compile the UEFI boot loader and the Secure Monitor with the GNU Toolchain (EABI Release) for Arm* Processors.

The supported compiler toolchain is Linaro* aarch64-linux-gnu-gcc (crosstool-NG linaro-1.13.1-4.8-2014.04 - Linaro GCC 4.8-2014.04) 4.8.3 20140401 (prerelease). You can download the toolchain from https://releases.linaro.org/archive/14.04/components/toolchain/binaries/.

Linux: gcc-linaro-aarch64-linux-gnu-4.8-2014.04_linux.tar
Windows: gcc-linaro-aarch64-linux-gnu-4.8-2014.04_win32.zip

Building the Secure Monitor

As security becomes more and more important, a secured boot solution becomes a requirement in the embedded world. To ensure comprehensive security and a trusted platform, secure partitioning is required. The Intel Stratix 10 device achieves secure partitioning by implementing the TrustZone model with Arm* Trusted Firmware (ATF). The TrustZone model splits the computing environment into two isolated worlds, the secure world and normal world, which are linked by a software monitor called the Secure Monitor. The two worlds have separated logical address space and peripherals. Communication between the two worlds is only possible by calling the privileged Secure Monitor call (SMC) instruction.

The full secure boot solution is:

BootRom
Secure Device Manager
Secure Monitor
Uboot/UEFI
Hypervisor
OS

Secure Monitor mode is a privileged mode and is always secure regardless of the state of the NS bit. The Secure Monitor is code that runs in Secure Monitor mode and processes switches to and from the Secure world. The overall security of the software relies on the security of this code along with the Secure boot code.

User Configuration

You can find all platform configurations in arm-trusted-firmware/plat/intel/soc/stratix10/platform_def.h.

For user configuration, you should only modify the first part of this file.

/**********************************************************************
User configuration
*********************************************************************/
//#define EMULATOR
//#define VIRTUAL_PLATFORM
#define ENABLE_HANDOFF
#define PLAT_SEMIHOSTING_ENABLE
#define PLAT_NS_IMAGE_OFFSET 0x50000
#define PLAT_HANDOFF_OFFSET 0xFFE3F000
#define BOOT_SOURCE BOOT_SOURCE_SDMMC

Note: To change the boot filename or offset, you can change the #define in this file.

Getting the Arm Trusted Firmware Source Code

The ATF source is at https://github.com/altera-opensource/arm-trusted-firmware. To get the ATF source code, simply run the following steps:

Open a terminal.
Create a new directory to check out the ATF source code from GitHub.
Change to this working directory and clone the ATF source from the Git trees as follows:
```
$ git clone https://github.com/altera-opensource/arm-trusted-firmware 
```
When completed, change to the arm-trusted-firmware folder and perform a Git check out as follows:
```
$ cd arm-trusted-firmware
$ git checkout -t -b test_atf origin/socfpga_v1.4
```

Building the BL31 image

This section describes how to build the ATF with the Linaro GCC compiler.

To start building the ATF with the Linaro GCC compiler, simply run the following steps:

Change your directory to the ATF source code location as follows:
```
$ cd arm-trusted-firmware
```

Set the GCC path and environment variable CROSS_COMPILE to Linaro cross compile as follows:

$ export PATH=<your gcc directory>/\
gcc-linaro-aarch64-linux-gnu-4.8-2014.04_linux/bin:$PATH
$ export CROSS_COMPILE=aarch64-linux-gnu-

Remove the build tree completely as follows:
```
$ make realclean
```
Build the ATF by using the following command:
```
$ make PLAT=stratix10 DEBUG=1
```
Note: You must enable debugging GCC 4.8. You can disable debugging for GCC 4.9 and above.
The following messages appear when the ATF build is successful:

The table below lists the Secure Monitor output files.

Table 2. Descriptions of Secure Monitor Files
File Path and Name	Description
\build\stratix10\release\bl31.bin	Generated binary file
\build\stratix10\release\bl31\bl31.elf	Generated elf file
\build\stratix10\debug\bl31.bin	Generated debug binary file
\build\stratix10\debug\bl31\bl31.elf	Generated debug elf file

Note: The first two files in the table above are generated if you run make PLAT=stratix10 without the DEBUG option.

Building the UEFI Boot Loader

To build a UEFI boot loader, you obtain the UEFI source code and compile the UEFI source with the supported toolchain.

The Unified Extensible Firmware Interface (UEFI) is a standardized firmware specification that simplifies and secures platform initialization and firmware bootstrap operations. UEFI is currently developed and supported by representatives from more than 250 industry-leading technology companies. Arm* and the Linaro Enterprise Group are also promoting the use of UEFI on Arm* architecture, because the UEFI specification helps standardize the boot process for Arm* processor-based platforms.

UEFI technology is future-proofed through standardization of firmware design rather than proprietary firmware design. UEFI specifications promote business and technological efficiency, improve performance and security, facilitate interoperability between devices, platforms and systems and comply with next-generation technologies. The UEFI specification is peer-reviewed and published, allowing developers to write firmware once per platform and reuse it without much modification. This reuse results in cost and time savings during boot loader development.

This framework uses the BSD license, permitting you to optionally commercialize your implementation with minimal legal issues.

You can compile the UEFI source code either in a Windows or in a Linux system.

Prerequisites

For Windows System

If you are using a Windows system, you must have Git installed. You can download Git from www.git-scm.com/download/win.

For Linux System

Building the UEFI requires additional Linux packages. Depending on your Linux distribution, the command to install the packages is different:

If you are using a Ubuntu distribution, type:

$ sudo apt-get install uuid-dev build-essential

If you using a Fedora distribution, type:

$ sudo yum install uuid-devel libuuid-devel

For building UEFI, the Python package is required. If Python is not already available on your system, running the commands from the SoC EDS Embedded Command Shell provides the required Python dependency.

Obtaining the UEFI Source Code

The UEFI source code is located in GitHub. The following steps show you how to get the UEFI source code.

Open a terminal.

Clone the UEFI source from the Git trees.

$ git clone https://github.com/altera-opensource/uefi-socfpga

When completed, change to the uefi-socfpga folder and perform a Git check out.
```
$ cd uefi-socfpga 
$ git checkout -t -b test_uefi origin/socvp_socfpga_udk2015
```

Compiling the UEFI Source Code with the Linaro Tool Chain

Windows System

To compile the UEFI source code with the Linaro toolchain in a Windows system:

Open the command prompt.
Go to your working directory and set SOCEDS_DEST_ROOT to the location of your SoC EDS.
```
$ cd <your_working_directory>\uefi-socfpga
$ set SOCEDS_DEST_ROOT=<your_SOCEDS_location>
```
Set the GCC path to the location of the compiler toolchain.
```
$ set PATH=<your_Linaro GCC Toolchain_location>;%PATH%
```
Note:
If you encountered a GCC error while compiling the UEFI source code after setting the path, you can edit the setup.bat file manually by entering the following command to use the full compiler path.
```
set GCC48_ARM_PREFIX=%DS5_ROOT%\sw\gcc\bin\arm-linux-gnueabihf-
set GCC48_AARCH64_PREFIX=<your working directory>\uefi_17v0_window\gcc-linaro-aarch64-linux-gnu-4.8-2014.04_win32\bin\aarch64-linux-gnu-
```
Run the setup command.
```
$ setup.bat
```
Build the UEFI by entering the following command:
```
$ make device=s10
```
The command prompt displays Build Done after the UEFI compilation is successful.

Figure 2. Command Prompt Display

Linux System

This section explains how to compile the UEFI source code with the Linaro toolchain in a Linux system:

Open a terminal and enter the following command:

$ cd <your_uefi_directory>/uefi-socfpga
$ export PATH=<your gcc directory>/\
gcc-linaro-aarch64-linux-gnu-4.8-2014.04_linux/bin:$PATH

Clean the entire <your_uefi_directory>/uefi-socfpga/Build/ folder and BaseTools folder by entering the following command:
```
$ make clean
```
Compile the UEFI boot loader for the Intel Stratix 10 SoC device by entering the following command:
```
$ make DEVICE=s10
```
Your terminal displays a "Build Done" message after the UEFI is successfully compiled.

UEFI Generated Files

Compiling the UEFI source code creates the following files in the /uefi-socfpga/Build/Stratix10SoCPkg/RELEASE_GCC48 folder:

Table 3. UEFI Generated Files
File	Description
PEI.ROM	This is the UEFI Pre-EFI Initialization (PEI) phase image which acts as a second stage boot loader. This file is programmed onto the flash daughter card.
load_uefi_fw.ds	This is the DS-5 script template. It is imported to the DS-5 tool and loads the UEFI firmware for debug and development purposes. This script loads the debug symbols. It supports the GCC compiler. ARMCC is not supported.
DXE.ROM	This file loads the optional second stage of the UEFI boot loader when you want to boot the UEFI shell and utilize the TFTP feature or run a UEFI application.

Running UEFI on Intel Stratix 10 Hardware

Running on a Physical Board with ATF and UEFI Bootloader

This section describes how to run the Secure Monitor on a physical board.

Generate a .sof file with ATF

Get a .sof file from the $SOCEDS_DEST_ROOT installation directory.

Convert the binary file bl31.bin, generated in Building the BL31 Image.

$ aarch64-linux-gnu-objcopy -I binary -O ihex - \
-change-addresses 0xffe00000 bl31.bin bl31.hex

Include the bootloader into the .sof file as follows:

$ quartus_cpf - -bootloader=bl31.hex \
ghrd_1sx280lu3f50i3vg.sof ghrd_1sx280lu3f50i3vg_hps.sof

Creating an SD Card Image with PEI.ROM and DXE.ROM

Generate PEI.ROM and DXE.ROM as in Building the UEFI Boot Loader.
Get a prebuilt SD card image from Rocketboards at https://releases.rocketboards.org/release/2018.10/gsrd/s10_gsrd/.
Program the prebuilt SD card image into SD card.
Copy PEI.ROM and DXE.ROM to the FAT partition of the SD card.

Running the Secure Monitor

Power up the board after the SD card is inserted.
Open Quartus programmer and program the board with the .sof file generated in Generating a .sof File with ATF.

The board boots up from the ATF and automatically loads PEI.ROM and DXE.ROM from SDMMC to boot to the DXE phase.

Debugging with DS-5

This section describes how to load ATF and the UEFI bootloader to the physical board through the DS-5 debugger.

Launch eclipse by using the following command:
```
$ eclipse &
```
Switch to the DS-5 Debug perspective as follows:
Create an S10 Separate JTAG DSTREAM debug configuration as shown in the following figure.
Connect to the target when the configuration is complete.
At the DS-5 command console, run the following commands:
```
$ interrupt
$ restore <Path to bl31.bin> binary 0xffe00000
$ set var $pc=0xffe00000
$ continue
```
Note: If semihosting is enabled in platform_def.h for building the bl31 image, DS-5 must enable it too with the command set semihosting enable true before the command continue to continue the boot up process.
This step loads the ATF to the board and continues the boot up process. It loads PEI.ROM and DXE.ROM from SDMMC automatically.
If you want to use the debugger to load PEI.ROM and DXE.ROM to memory, modify the configuration in your platform_def.h file and bl31_plat_setup.c file before building the bl31 image.
Open the platform_def.h file located in arm-trusted-firmware/plat/intel/soc/stratix10/platform_def.h and enable semihosting as follows:
```
# define PLAT_SEMIHOSTING_ENABLE
```
Open arm-trusted-firmware/plat/intel/soc/stratix10/bl31_plat_setup.c and comment out the line shown below:
```
//LoadBootImageFile (PLAT_NS_IMAGE_NAME, PLAT_NS_IMAGE_OFFSET);
```
Regenerate the bl31 image and follow Step 5 to load the ATF to the physical board. Interrupt the processor through the DS-5 debugger after memory initialization succeeds, as follows:
$ interrupt
Load PEI.ROM and DXE.ROM to the physical board with the DS-5 debugger by using the following command:
```
$ restore <Path_to_PEI.ROM> binary 0x50000
$ restore <Path_to_DXE.ROM> binary 0x02000000
$ continue
  
```

Booting Linux

This section shows you how to boot Linux after UEFI enters the DXE phase.

Booting from the DXE Console

Boot the board up to the DXE phase, as described in Running the Secure Monitor.
Once the DXE phase is loaded, enter the following command to boot Linux:
```
$ Linuxloader fs1:Image -d fs1:socfpga_stratix10_socdk.dtb \
-c "console=ttyS0,115200 root=/dev/mmcblk0p2 rwrootwait"
```
Note: Make sure Linux image is stored in the SD card.

Document Revision History for Intel Stratix 10 SoC UEFI Boot Loader User Guide

Date	Version	Changes
March 2019	2019.03.28	Added new section, Optional Virtual Platforms Added new section, Building the Secure Monitor , to describe new boot stage and secure boot Updated Boot Flow Overview for the Secure Monitor Updated UEFI Generated Files Removed sections Intel Stratix 10 SoC Virtual Platform and Booting PXE using Intel Stratix 10 SoC Virtual Platform, and other detailed documentation of the Intel^® Stratix^® 10 SoC Virtual Platform. Added new section, Running UEFI on Intel Stratix 10 Hardware
June 2017	2017.06.19	Initial release